Hi Peter

The command line which you have specified is for CATOS but, here we have IOS based switch.

i have tried configuring sever facility at 7 & severity as 7.

but i dont get any log in my syslog server when someone logs into the switch.

Even i am not getting any link trap message, if i am remvoing any of the link from the PC, which i am getting from other switches which are running CATOS 7.3. but not from Switches running IOS.

kindly revert back.

cheers

kashyap

"logging trap debugging" = Set syslog server logging level

Hi

Can you please give me all the commands which i shuold apply.

because on one of my switch i have already given the logging trap debugging , but still i am not getting the trpas if someone is logging into the switch.

what other command i need to specify to get all the traps in SYSLOG server.

kindly revert back.

cheers

kashyap

You need three commands to enable syslog logging on a switch.

1. Define server (logging x.x.x.x)

2. Set logging level (logging trap ) default level is Informational

3. Set syslog facility (logging facility ) Default is local7.

The switch will send syslog messages to a syslog deamon provide that daemon is setup to receive messages from the specified facility.

Judging from you previous messages, it appears that your syslog daemon is not setup to receive/display messages from the facility specified on the switch. You can confirm this by setting the switch buffer logging level to debug and generating a link up/down event, if the event is in the buffer log then the swicth did generate and send an event to the syslog server.

The daemon should also be able to generate test messages to a particalar facility.

I am not sure how to configure the switches to generate a syslog event when someone telnet to the device, by default, a syslog event is generated whenever a user exit configuration mode but not when a user successfully telnet to the device.

Applying an access list to the vty line and logging successful hits would however do the trick.

Jeff.

Hi, Below is the output of my Switch.

sh log

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)

Console logging: disabled

Monitor logging: level debugging, 0 messages logged

Buffer logging: level debugging, 56 messages logged

Exception Logging: size (8192 bytes)

Count and timestamp logging messages: disabled

Trap logging: level debugging, 55 message lines logged

Logging to 172.x.x.x, 21 message lines logged

Logging to 172.x.x.x, 21 message lines logged

Log Buffer (4096 bytes):

ULEONLINE: Module 5 is online

00:01:10: %SYS-5-CONFIG_I: Configured from memory by console

00:01:10: %SYS-5-RESTART: System restarted --

Cisco Internetwork Operating System Software

IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(20)EW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2004 by cisco Systems, Inc.

Compiled Wed 02-Jun-04 18:32 by hqluong

00:02:53: %SYS-5-CONFIG_I: Configured from console by console

00:06:47: %SYS-5-CONFIG_I: Configured from console by console

00:12:12: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0320 GigabitEthernet1/2 moved to Forwarding (UplinkFast).

00:12:13: %SYS-5-CONFIG_I: Configured from console by console

01:03:41: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001 GigabitEthernet1/2 moved to Forwarding (UplinkFast).

01:03:43: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0990 GigabitEthernet1/2 moved to Forwarding (UplinkFast).

01:52:51: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001 GigabitEthernet1/1 moved to Forwarding (UplinkFast).

01:52:53: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

02:00:29: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

14:23:20: %SYS-5-CONFIG_I: Configured from console by console

14:23:53: %SYS-5-CONFIG_I: Configured from console by console

14:24:39: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0320 GigabitEthernet1/2 moved to Forwarding (UplinkFast).

14:24:40: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0322 GigabitEthernet1/2 moved to Forwarding (UplinkFast).

2d08h: %SWITCH_QOS_TB-5-TRUST_DEVICE_LOST: cisco-phone no longer detected on port Fa5/27, port set to untrusted.

2d08h: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa5/27, port trust enabled.

3d22h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d14h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d15h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d16h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d17h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d18h: %SYS-5-CONFIG_I: Configured from console by vty0 (172.x.x.x)

6d18h: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0320 GigabitEthernet1/1 moved to Forwarding (UplinkFast).

i have done the settings which you have said, but its not sending to syslog server.

kindly revert....

Cheers

kashyap

You should also make sure you have connectivity between the switch and the syslog server.

Hope this helps,

yes connectivity is ok between my syslog server & Swithes

what i really doubt is about the syslog server whether it supports this switches or not.

any inputs????

Cheers

kashyap

Support for syslog is not platform specific. All equipments supporting syslog follow the same standard and send syslog messages on UDP port 514. Any chance there is an ACL in the path between the switch and the syslog server?

Hope this helps,